Search GSSD

International Cybersecurity Norms: Reducing Conflict in an Internet-dependent world

Abstract: 
The emerging dependence on information and communication technology (ICT), particularly the internet, necessitates the collaborative establishment of international norms to improve defenses and prevent offense in the cybersecurity space. Nations states each develop strategies for the exploitation or defense of cyberspace based on their own laws, resulting in cyber insecurity and international tensions if unchecked. Behavior in cyberspace, and its acceptability, can be outlined in a framework of actors, their objectives and actions, and the intended and unintended impacts. Actions specifically can be analyzed through their types of technology and data security attributes, including confidentiality, integrity, availability, and nonrepudiation. Disruption in cyberspace can occur as more common minor cybersecurity events, conflict, or even cyberwar, with each level being regulated by a dedicated legal framework. Therefore, the six proposed norms are required to maintain peace in cyberspace. First, countries should avoid intervening in tech companies, which would result in increased vulnerabilities and diminished trust. Second, states should develop a framework for reporting vulnerabilities to their corresponding overseers. Third, countries must limit their development of cyber weapons. Fourth, states need to focus on restricting the spread of cyber weapons. Fifth, governments should limit offensive actions in cyberspace in order to maintain global security. Finally, countries must aid private companies in dealing with cybersecurity events. With these proposed cybersecurity norms, the world can begin a debate around protecting technologies in cyberspace.
Author: 
Angela McKay, Jan Neutze, Paul Nicholas, Kevin Sullivan
Institution: 
Microsoft
Year: 
2014
Domains-Issue Area: 
Region(s): 
Industry Focus: 
Internet & Cyberspace
Datatype(s): 
Policies